General

Target: PL_017_603_789.xlsx
Size: 8KB
Sample: 210503-rgsfvm1176
MD5: 1a03e1c83f77a1530ab877f49eb5d847
SHA1: c6b5ccdfbce66dacdaa5873cc3193cb0f5417ffb
SHA256: 252db8ee3c10aeb1589590a3866ed4ef1e4824656916c1c1b2ae3f2f6b51ab80
SHA512: 8bbb30f47225ca8580386edbeafc9783692bdbc10ffc71dbd653a8f8a82831edfa83169619d47c5061b52c1341ea77ae049cd64bacaa597adc45ea933f7ca471
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: PL_017_603_789.xlsx
Resource: win7v20210410

Behavioral task: behavioral2
Sample: PL_017_603_789.xlsx
Resource: win10v20210408
Malware Config

Extracted family: oski
C2: 205.185.120.57
Targets

Target: PL_017_603_789.xlsx
Size: 8KB
MD5: 1a03e1c83f77a1530ab877f49eb5d847
SHA1: c6b5ccdfbce66dacdaa5873cc3193cb0f5417ffb
SHA256: 252db8ee3c10aeb1589590a3866ed4ef1e4824656916c1c1b2ae3f2f6b51ab80
SHA512: 8bbb30f47225ca8580386edbeafc9783692bdbc10ffc71dbd653a8f8a82831edfa83169619d47c5061b52c1341ea77ae049cd64bacaa597adc45ea933f7ca471
Score: 10/10

Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting (consistent with the Oski stealer family extracted above)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software
- Suspicious use of SetThreadContext (setting the context of a thread in another process is a common process-injection step)
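As an added example, not part of the sandbox report, the Python below turns the report's indicators into two checks a responder would run: compare a local file against the four listed hashes, and scan network log lines for the extracted Oski C2 address. The hashes and the IP are copied from the report; the log lines, the input bytes, and the optional command-line file arguments are constructed for illustration.

```python
import hashlib
import re

# Indicators copied from the report: the four hashes of PL_017_603_789.xlsx
# and the Oski C2 address the sandbox extracted from the sample.
REPORT_HASHES = {
    "md5": "1a03e1c83f77a1530ab877f49eb5d847",
    "sha1": "c6b5ccdfbce66dacdaa5873cc3193cb0f5417ffb",
    "sha256": "252db8ee3c10aeb1589590a3866ed4ef1e4824656916c1c1b2ae3f2f6b51ab80",
    "sha512": (
        "8bbb30f47225ca8580386edbeafc9783692bdbc10ffc71dbd653a8f8a82831ed"
        "fa83169619d47c5061b52c1341ea77ae049cd64bacaa597adc45ea933f7ca471"
    ),
}
C2_IPS = {"205.185.120.57"}


def matching_hashes(data: bytes) -> set:
    """Return the algorithms whose digest of `data` equals the report's value.

    A partial match (say MD5 only) points at a typo in the IOC list rather than
    at the analysed sample; an empty set means this is a different file.
    """
    return {
        alg for alg, expected in REPORT_HASHES.items()
        if hashlib.new(alg, data).hexdigest() == expected
    }


def is_report_sample(data: bytes) -> bool:
    """True only if every hash listed in the report matches `data`."""
    return matching_hashes(data) == set(REPORT_HASHES)


# Dotted quad bounded by non-word characters, so "205.185.120.570" or
# "1205.185.120.57" cannot be mistaken for the C2 address by substring match.
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_c2_hits(log_lines):
    """Return (line_number, ip, line) for each line that mentions a C2 address."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ip in _IPV4.findall(line):
            if ip in C2_IPS:
                hits.append((n, ip, line))
    return hits


# Constructed proxy/DNS log lines for illustration; not output of the sandbox run.
SAMPLE_LOG = [
    "2021-05-03T12:01:07Z proxy CONNECT 205.185.120.57:80 client=10.0.0.15",
    "2021-05-03T12:01:09Z proxy GET http://205.185.120.57/ client=10.0.0.15 status=200",
    "2021-05-03T12:01:12Z proxy GET http://205.185.120.570/ client=10.0.0.22 status=404",
    "2021-05-03T12:02:00Z dns query example.com from 10.0.0.15",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # optional: local files to compare with the report hashes
        with open(path, "rb") as fh:
            print(path, "matches report:", is_report_sample(fh.read()))
    for n, ip, line in find_c2_hits(SAMPLE_LOG):
        print(f"line {n}: C2 {ip} in: {line}")
```

Only the first two constructed lines are reported as hits: the third contains 205.185.120.570, which the word-bounded pattern keeps separate from the C2 address, and the fourth mentions no listed indicator. The hash check requires all four digests to agree, so a file that matches on one algorithm alone is flagged as "not the sample" rather than as a match.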